Google Cloud’s security and resiliency measures for customers and partners
Phil Venables
VP/CISO, Google Cloud
As the tragic Russian invasion of Ukraine continues, we want to provide customers and partners with an update on how Google Cloud is providing resources for organizations, protecting against potential cyberattacks, and delivering network resiliency. We continue to work closely with U.S. and international officials in our approach—and have undertaken several steps across Google to bolster humanitarian efforts in the region, counter disinformation, and protect local Ukrainian citizens.
Support and resources for organizations
We’ve expanded eligibility for Project Shield, which provides free, unlimited protection against Distributed Denial of Service (DDoS) attacks. The service is now available to certain public sector organizations, including government entities, facing urgent circumstances to ensure that vital information about aid, shelter, and evacuation procedures remains available to people at risk. This includes Ukrainian government websites and embassies worldwide, and other governments in close proximity to the conflict. News organizations, independent journalists, human rights organizations, and elections-monitoring entities around the world are already eligible for protection through Project Shield. More than 150 news and humanitarian organizations in Ukraine are using these protections.
Additionally, Google Cloud is offering free services through credits to eligible organizations, with an emphasis on supporting those involved in providing humanitarian assistance such as medical supplies, food relief, and refugee support and aid.
Cybersecurity protections and readiness
The United States and many other countries have raised concerns that the escalating conflict could result in malicious cyber activity impacting businesses, critical infrastructure owners and operators, nongovernmental organizations, and agencies from local, regional, and nation-state governments.
At Google Cloud, our threat intelligence and cybersecurity teams are constantly on alert for potential threats to our customers, our systems, and the integrity of our platforms. Our approach is security that is built-in by default to our platforms through defense in depth layers and zero-trust principles to protect against the impact of malicious cyber activity. In addition, we ensure the provenance of our software to minimize the risks of compromised supply chains.
Our Google Cybersecurity Action Team has been working with a range of our enterprise and public-sector customers, as well as partners around the world, to help advise on cybersecurity defenses and operational preparedness. We will continue to provide these strategic advisory services and resources for security best practices to partners in government, critical infrastructure, and businesses of all sizes. This includes a security and resiliency framework to help customers protect themselves against adverse cyber events by using our comprehensive suite of security and resilience solutions.
We also provide free versions of our security protections and services to users and organizations around the world, including:
High-risk user protections: Our Advanced Protection Program protects the accounts of high-risk users, including many journalists and activists currently on the ground in Ukraine. The program is free to enroll for any Google account user. We also provide free Security Checkup services to spot risky passwords and enroll our users in two-factor authentication automatically.
Secure email and communication tools: Google Workspace can offer alternative communication tools for users or organizations whose primary email accounts are rendered inaccessible by the conflict.
Cloud security visibility and controls: Google Cloud offers a free version of our Security Command Center to help customers strengthen their security posture by evaluating their security and data attack surface; providing asset inventory and discovery; identifying misconfigurations, vulnerabilities and threats; and helping mitigate and remediate risks.
Anti-fraud tools: The free tier of reCAPTCHA helps organizations defend their websites against cyberattacks like credential stuffing, account takeovers, and scraping.
Network resilience
Customers have sought confirmation that our network is operating as planned, which we can confirm it is. Google Cloud allows customers to tap into its global infrastructure, including 29 cloud regions around the world, to scale in response to surges in traffic, and absorb DDoS attacks without compromising accessibility.
We expect and plan for failures in our network infrastructure as part of our ongoing availability and resilience strategy. In the event of failure, our network is designed to use a variety of alternate paths. We also operate direct peering with more than 3,000 networks in multiple redundant locations, which enables us to pass and accept traffic to peer networks in many places, increasing both availability and redundancy for us and the networks we work with to reach users and customers.
Google conducts regular testing to rigorously evaluate our infrastructure’s resilience, led by our site reliability engineers. Our teams are trained to find and address potential issues quickly—often even before they arise—and in the event of a disruption they can recover as quickly as possible so that customers can keep their organizations up and running.
The crisis in Ukraine is an extraordinary tragedy, and a humanitarian disaster. As we continue to monitor the situation and take action as needed, we are working directly with our customers, partners, and team members to keep them informed and as safe as possible.